In this exercise, you will integrate users from a Red Hat Enterprise Linux (RHEL) Identity Manager (IdM) server with your Red Hat Virtualization environment.
Outcomes
You should be able to configure the Red Hat Virtualization Manager to use the Red Hat Enterprise Linux Identity Manager server, preconfigured in the classroom, as a source for user information.
You have the Red Hat Enterprise Linux Identity Manager server installed, preconfigured, and running on the utility system.
Log in as the student user on workstation and run the lab users-directory start command.
This command verifies the operational state of the Red Hat Virtualization environment.
[student@workstation ~]$ lab users-directory start
From workstation, open an SSH session to rhvm as the root user.
[student@workstation ~]$ ssh root@rhvm
...output omitted...
[root@rhvm ~]#
Configure the Red Hat Virtualization Manager running on rhvm to use the Red Hat Enterprise Linux Identity Manager server as a source for user information.
Use the rpm command to verify that the ovirt-engine-extension-aaa-ldap-setup package is installed on rhvm.
[root@rhvm ~]# rpm -q ovirt-engine-extension-aaa-ldap-setup
ovirt-engine-extension-aaa-ldap-setup-1.3.9-1.el7ev.noarch
The ovirt-engine-extension-aaa-ldap-setup package is already installed because it is automatically included in a self-hosted engine installation, like the one used in this class.
To start the interactive setup, run the ovirt-engine-extension-aaa-ldap-setup command.
[root@rhvm ~]# ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
         Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
         Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20190702112955-wwd3ln.log
         Version: otopi-1.8.2 (otopi-1.8.2-1.el7ev)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
...output omitted...
Type 6 to select IPA from the Available LDAP implementations list.
...output omitted...
 6 - IPA
...output omitted...
Please select: 6
Press Enter to accept the default setting of using DNS to resolve the host name of the Red Hat Enterprise Linux Identity Manager server.
...output omitted...
NOTE:
It is highly recommended to use DNS resolution for LDAP server.
If for some reason you intend to use hosts or plain address disable DNS usage.
Use DNS (Yes, No) [Yes]: Enter
Type 1 to select Single server from the Available policy method list.
...output omitted...
Available policy method:
 1 - Single server
 2 - DNS domain LDAP SRV record
 3 - Round-robin between multiple hosts
 4 - Failover between multiple hosts
Please select: 1
Type utility.lab.example.com to specify the host address of the Red Hat Enterprise Linux Identity Manager server.
Please enter host address: utility.lab.example.com
Press Enter to accept the default secure connection method (StartTLS) for the Red Hat Enterprise Linux Identity Manager server.
...output omitted...
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: Enter
Select the URL method to obtain the CA certificate.
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): URL
Specify http://utility.lab.example.com/ipa/config/ca.crt as the URL to the CA certificate.
URL: http://utility.lab.example.com/ipa/config/ca.crt
[ INFO ] Connecting to LDAP using 'ldap://utility.lab.example.com:389'
[ INFO ] Executing startTLS
[ INFO ] Connection succeeded
The Red Hat Enterprise Linux Identity Manager server in the classroom has been configured with a user that the RHV Manager can use to search the LDAP directory for user information.
The user DN is uid=rhvadmin,cn=users,cn=accounts,dc=lab,dc=example,dc=com.
The password for this DN is redhat.
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): uid=rhvadmin,cn=users,cn=accounts,dc=lab,dc=example,dc=com
Enter search user password: redhat
[ INFO ] Attempting to bind using 'uid=rhvadmin,cn=users,cn=accounts,dc=lab,dc=example,dc=com'
Accept dc=lab,dc=example,dc=com as the proposed base DN by pressing Enter.
Please enter base DN (dc=lab,dc=example,dc=com) [dc=lab,dc=example,dc=com]: Enter
Type No to indicate that you will not use single sign-on for virtual machines.
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]: No
Specify lab.example.com as the name of the profile for the external domain.
Please specify profile name that will be visible to users [utility.lab.example.com]: lab.example.com
[ INFO ] Stage: Setup validation
Test the login function to ensure that the Red Hat Enterprise Linux Identity Manager server is connected to the Red Hat Virtualization Manager.
NOTE:
It is highly recommended to test drive the configuration before applying it into engine.
Login sequence is executed automatically, but it is recommended to also execute Search sequence manually after successful Login sequence.
Please provide credentials to test login flow:
Enter user name: rhvadmin
Enter user password: redhat
[ INFO ] Executing login sequence...
...output omitted...
[ INFO ] Login sequence executed successfully
Press Enter to use Done as the default selection.
This completes the configuration.
Please make sure that user details are correct and group membership meets expectations (search for PrincipalRecord and GroupRecord titles).
Abort if output is incorrect.
Select test sequence to execute (Done, Abort, Login, Search) [Done]: Enter
[ INFO ] Stage: Transaction setup
[ INFO ] Stage: Misc configuration (early)
[ INFO ] Stage: Package installation
[ INFO ] Stage: Misc configuration
[ INFO ] Stage: Transaction commit
[ INFO ] Stage: Closing up
         CONFIGURATION SUMMARY
         Profile name is: lab.example.com
         The following files were created:
             /etc/ovirt-engine/aaa/lab.example.com.jks
             /etc/ovirt-engine/aaa/lab.example.com.properties
             /etc/ovirt-engine/extensions.d/lab.example.com-authz.properties
             /etc/ovirt-engine/extensions.d/lab.example.com-authn.properties
[ INFO ] Stage: Clean up
         Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20190702121518-kusgin.log:
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
Use systemctl to restart the ovirt-engine service.
Wait for the service to finish activating components before accessing the RHV Manager Administration Portal.
Log out of rhvm.
[root@rhvm ~]# systemctl restart ovirt-engine
[root@rhvm ~]# logout
Connection to rhvm closed.
[student@workstation ~]$
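The setup tool writes the search user's bind password into /etc/ovirt-engine/aaa/lab.example.com.properties and records the transport choice (StartTLS here) and the truststore built from the CA certificate it fetched over plain HTTP. The script below is an added post-setup audit, not part of the course or of the ovirt-engine-extension-aaa-ldap package: it reads a profile file, confirms that the LDAP session is encrypted (StartTLS or LDAPS) with certificate verification left on, that the referenced truststore exists, and that the file is not world-readable. The property names it looks for (pool.default.ssl.startTLS, pool.default.ssl.enable, pool.default.ssl.insecure, pool.default.ssl.truststore.file) are the ones the setup tool is assumed to write; the sample profile it builds when run without an argument is constructed to mirror the values chosen in this exercise.

```bash
#!/bin/bash
# Post-setup audit of an ovirt-engine LDAP (aaa-ldap) profile.
# Added example; not from the Red Hat course or the aaa-ldap package.
# Assumed property names, as written by ovirt-engine-extension-aaa-ldap-setup:
#   pool.default.ssl.startTLS, pool.default.ssl.enable, pool.default.ssl.insecure,
#   pool.default.ssl.truststore.file, pool.default.auth.simple.password

# Print the value of one "key = value" property (first match); empty if absent.
get_prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | head -n 1
}

# 0 if the profile encrypts the LDAP session (StartTLS or LDAPS) and does not
# switch off certificate verification; 1 otherwise.
check_transport() {
    starttls=$(get_prop "$1" pool.default.ssl.startTLS)
    ldaps=$(get_prop "$1" pool.default.ssl.enable)
    insecure=$(get_prop "$1" pool.default.ssl.insecure)
    [ "$insecure" != "true" ] || return 1
    [ "$starttls" = "true" ] || [ "$ldaps" = "true" ]
}

# 0 if the truststore named in the profile exists and is non-empty.
check_truststore() {
    ts=$(get_prop "$1" pool.default.ssl.truststore.file)
    [ -n "$ts" ] && [ -s "$ts" ]
}

# 0 if the profile is not world-readable (it embeds the bind password).
check_perms() {
    [ -z "$(find "$1" -prune -perm -004)" ]
}

# Run all checks; print one FAIL line per finding, return 0 only when clean.
audit_profile() {
    rc=0
    check_transport "$1" || { echo "FAIL: $1 allows a plaintext or unverified LDAP session"; rc=1; }
    check_truststore "$1" || { echo "FAIL: truststore referenced by $1 is missing or empty"; rc=1; }
    check_perms "$1" || { echo "FAIL: $1 is world-readable but contains the bind password"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1"
    return "$rc"
}

# Constructed sample profile mirroring the values chosen in the exercise.
make_sample_profile() {
    dir=$(mktemp -d)
    cat > "$dir/lab.example.com.properties" <<EOF
include = <ipa.properties>
vars.server = utility.lab.example.com
vars.user = uid=rhvadmin,cn=users,cn=accounts,dc=lab,dc=example,dc=com
vars.password = redhat
pool.default.serverset.single.server = \${global:vars.server}
pool.default.auth.simple.bindDN = \${global:vars.user}
pool.default.auth.simple.password = \${global:vars.password}
pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file = $dir/lab.example.com.jks
EOF
    printf 'placeholder truststore' > "$dir/lab.example.com.jks"
    chmod 600 "$dir/lab.example.com.properties"
    echo "$dir/lab.example.com.properties"
}

# Usage: audit-profile.sh /etc/ovirt-engine/aaa/lab.example.com.properties
# With no argument, audit the constructed sample profile instead.
if [ -n "${1:-}" ]; then
    audit_profile "$1"
else
    audit_profile "$(make_sample_profile)"
fi
```

On rhvm, pass the real profile path as the argument after the restart; a clean run prints a single OK line. Because the URL method fetched ca.crt over unauthenticated HTTP, a separate check worth doing once is to compare the fingerprint of the certificate inside lab.example.com.jks with the CA certificate read directly on the utility system.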
On workstation, open Firefox and navigate to https://rhvm.lab.example.com/ovirt-engine.
From the page that displays, click on the Administration Portal link.
If the RHEL IdM server was successfully integrated with the RHV Manager, you will see lab.example.com as one of the listed profiles.
To log in using the lab.example.com profile, you must first map the domain user accounts to appropriate roles.
You will map the domain user accounts in the next guided exercise.